VYPR

HelpDesk & Customer Ticketing System

by WordPress

CVEs (7)

  • CVE-2025-10054MedNov 21, 2025
    risk 0.21cvss 4.3epss 0.00

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_remove_agent' function in all versions up to, and including, 3.3.1. This makes it possible for…

  • CVE-2025-11456Nov 21, 2025
    risk 0.00cvss epss 0.01

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for…

  • CVE-2025-12169Nov 21, 2025
    risk 0.00cvss epss 0.00

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up to, and including, 3.3.0.…

  • CVE-2025-12022Nov 21, 2025
    risk 0.00cvss epss 0.00

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it…

  • CVE-2025-12085Nov 21, 2025
    risk 0.00cvss epss 0.00

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for…

  • CVE-2025-12023Nov 21, 2025
    risk 0.00cvss epss 0.00

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for…

  • CVE-2024-12171Feb 1, 2025
    risk 0.00cvss epss 0.00

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated…